content/common/sandbox_linux/sandbox_linux.cc - Issue 868233011: Start all children in their own PID namespace.

Unified Diff: content/common/sandbox_linux/sandbox_linux.cc

Issue 868233011: Start all children in their own PID namespace. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Respond to some comments. Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: content/common/sandbox_linux/sandbox_linux.cc

diff --git a/content/common/sandbox_linux/sandbox_linux.cc b/content/common/sandbox_linux/sandbox_linux.cc

index 5eee4e1d6c14d47e785a0ac42e4c8a77a93d6383..3e681a94d44f0d1154ba527fd8af361ebd9e84c6 100644

--- a/content/common/sandbox_linux/sandbox_linux.cc

+++ b/content/common/sandbox_linux/sandbox_linux.cc

@@ -186,7 +186,12 @@ void LinuxSandbox::EngageNamespaceSandbox() {

// Note: this requires SealSandbox() to be called later in this process to be

// safe, as this class is keeping a file descriptor to /proc/.

CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_));

- CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_));

+ // We do not drop CAP_SYS_ADMIN because we need it to place each child process

+ // in its own PID namespace later on.

+ const std::vector<sandbox::LinuxCapability> caps(

+ 1, sandbox::LinuxCapability::kCapSysAdmin);

jln (very slow on Chromium) 2015/03/24 22:03:34 Why the value 1? That's CAP_DAC_OVERRIDE, right?

rickyz (no longer on Chrome) 2015/03/25 22:47:46 This is an ugly way to initialize the vector with

jln (very slow on Chromium) 2015/03/25 23:47:50 Ooch, misread that. I can't understand why this w

+ CHECK(sandbox::Credentials::SetCapabilities(proc_fd_, caps));

// This needs to happen after moving to a new user NS, since doing so involves

// writing the UID/GID map.